Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
Note
If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.
Tip
For better performance, you can use server closer to your geo location:
- api-us.securitycenter.microsoft.com
- api-eu.securitycenter.microsoft.com
- api-uk.securitycenter.microsoft.com
API description
Retrieves a specific incident by its ID
Limitations
- Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Permissions
One of the following permissions is required to call this API.
Permission type | Permission | Permission display name |
---|---|---|
Application | Incident.Read.All | ‘Read all Incidents’ |
Application | Incident.ReadWrite.All | ‘Read and write all Incidents’ |
Delegated (work or school account) | Incident.Read | ‘Read Incidents’ |
Delegated (work or school account) | Incident.ReadWrite | ‘Read and write Incidents’ |
Note
When obtaining a token using user credentials:
- The user needs to have at least the following role permission: ‘View Data’
- The response will only include incidents that the user is exposed to
HTTP request
GET .../api/incidents/{id}
Request headers
Name | Type | Description |
---|---|---|
Authorization | String | Bearer {token}. Required. |
Request body
Empty
Response
If successful, this method returns 200 OK, and the incident entity in the response body. If incident with the specified id was not found – 404 Not Found.
Example
Request
Here is an example of the request.
GET https://api.security.microsoft.com/api/incidents/{id}